Описание
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 3 (включая)Версия до 3.0.5 (включая)
Одно из
cpe:2.3:a:plone:plone_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.0167
Низкий
10 Critical
CVSS2
Дефекты
CWE-255
Связанные уязвимости
ubuntu
больше 17 лет назад
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network.
debian
больше 17 лет назад
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 enco ...
EPSS
Процентиль: 82%
0.0167
Низкий
10 Critical
CVSS2
Дефекты
CWE-255